<html>
<head><meta charset="utf-8"><title>UnwindSafe · general · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/index.html">general</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html">UnwindSafe</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="179526391"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179526391" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179526391">(Oct 31 2019 at 12:32)</a>:</h4>
<p><span class="user-mention" data-user-id="243558">@Steven Fackler</span> so maybe a better way to explain <code>UnwindSafe</code> is to explain it as a "warning" that has false positives, and <code>AssertUnwindSafe</code> is just a way to toggle that warning off.</p>



<a name="179526431"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179526431" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179526431">(Oct 31 2019 at 12:33)</a>:</h4>
<p>In particular, it is ok and safe to always turn this warning off, and it is common to do so in generic code.</p>



<a name="179526548"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179526548" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179526548">(Oct 31 2019 at 12:35)</a>:</h4>
<p>When the warning triggers, user can either use it to improve their code, or ignore it.</p>



<a name="179526821"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179526821" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Steven Fackler <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179526821">(Oct 31 2019 at 12:39)</a>:</h4>
<p>I personally like to think about <code>UnwindSafe</code> as "a waste of time that you should bypass with as little effort as possible" :P</p>



<a name="179526847"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179526847" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Steven Fackler <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179526847">(Oct 31 2019 at 12:39)</a>:</h4>
<p>It's insufficiently precise to be useful in practice imo</p>



<a name="179527010"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179527010" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179527010">(Oct 31 2019 at 12:41)</a>:</h4>
<p>probably to late to deprecate it and remove it</p>



<a name="179527090"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179527090" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179527090">(Oct 31 2019 at 12:42)</a>:</h4>
<p>adding an auto trait to the language to provide a "warning" with a lot of false positives that is always ok to ignore, and for which most code's only option is to actually ignore it, doesn't sound like a good trade-off</p>



<a name="179527101"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179527101" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Steven Fackler <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179527101">(Oct 31 2019 at 12:42)</a>:</h4>
<p>yeah</p>



<a name="179527118"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179527118" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Steven Fackler <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179527118">(Oct 31 2019 at 12:42)</a>:</h4>
<p>we could in theory remove the bound on catch_unwind which I think may be the only place it comes up</p>



<a name="179527122"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179527122" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179527122">(Oct 31 2019 at 12:42)</a>:</h4>
<p>We could at least improve the docs to tell users "If you are here, just use <code>AssertUnwindSafe</code>"</p>



<a name="179527125"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179527125" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Steven Fackler <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179527125">(Oct 31 2019 at 12:42)</a>:</h4>
<p>not sure if that's really doable in practice though</p>



<a name="179527137"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179527137" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179527137">(Oct 31 2019 at 12:43)</a>:</h4>
<p>I think that's doable</p>



<a name="179527151"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179527151" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Steven Fackler <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179527151">(Oct 31 2019 at 12:43)</a>:</h4>
<p>worst case we can just add catch_unwind2 or whatever :P</p>



<a name="179527152"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179527152" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179527152">(Oct 31 2019 at 12:43)</a>:</h4>
<p>we probably can't remove the auto trait</p>



<a name="179527154"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179527154" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Steven Fackler <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179527154">(Oct 31 2019 at 12:43)</a>:</h4>
<p>and deprecate the traits</p>



<a name="179527164"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179527164" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Steven Fackler <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179527164">(Oct 31 2019 at 12:43)</a>:</h4>
<p>oh yeah they definitely can't go away since they're stable</p>



<a name="179527187"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179527187" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179527187">(Oct 31 2019 at 12:43)</a>:</h4>
<p>Yeah, deprecate everything, remove the bound on catch_unwind, that would save users the time to actually try to learn what this is for</p>



<a name="179527271"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179527271" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179527271">(Oct 31 2019 at 12:45)</a>:</h4>
<p>I will open an internal threads later, if there are others that feel that this would be a good idea, I might try wording a small RFC</p>



<a name="179527371"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179527371" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Steven Fackler <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179527371">(Oct 31 2019 at 12:46)</a>:</h4>
<p>something related I've been meaning to do is to write up a std::sync reform rfc, to move things out of the one big module into std::mutex etc and shift to non-poisoning versions</p>



<a name="179528787"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179528787" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179528787">(Oct 31 2019 at 13:04)</a>:</h4>
<p>UnwindSafe and poisoning are two "pseudo-safety" mechanisms that in the end turned out to be mostly useless. I hope we've learned the lesson by now and will strictly stick to memory safety.</p>



<a name="179539115"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179539115" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Steven Fackler <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179539115">(Oct 31 2019 at 14:58)</a>:</h4>
<p>At least we got rid of the Freeze bound on Mutex::new :P</p>



<a name="179547911"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179547911" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179547911">(Oct 31 2019 at 16:19)</a>:</h4>
<blockquote>
<p>something related I've been meaning to do is to write up a std::sync reform rfc, to move things out of the one big module into std::mutex etc and shift to non-poisoning versions</p>
</blockquote>
<p>Please do.</p>



<a name="179548048"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179548048" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179548048">(Oct 31 2019 at 16:21)</a>:</h4>
<p>I really have no idea why a panic through a mutexguard panics a mutex.</p>



<a name="179548117"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179548117" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179548117">(Oct 31 2019 at 16:22)</a>:</h4>
<p>Can't it just release the lock ? The <code>unsafe</code> code using the guard needs to make sure that in case of a panic the content behind the mutex has its invariants restored anyways.</p>



<a name="179548458"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179548458" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179548458">(Oct 31 2019 at 16:25)</a>:</h4>
<p>Poisoning is not for safety (as you can see from the fact that un-poisoning is safe), just like UnwindRef it was intended as a guardrail against logical bugs from observing broken internal invariants due to untimely panics</p>



<a name="179548623"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179548623" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179548623">(Oct 31 2019 at 16:27)</a>:</h4>
<p>Sure, but if a panic can cause some unsafe code to leave some invariants broken, then that unsafe code is broken, independently of whether poisoning or unwindref are used</p>



<a name="179548754"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179548754" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179548754">(Oct 31 2019 at 16:28)</a>:</h4>
<p>Its more like a second line of defense against broken code, which ends up being a bit weird if one deals with code that's not broken</p>



<a name="179549267"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179549267" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179549267">(Oct 31 2019 at 16:33)</a>:</h4>
<p>The invariants in question can also be <em>logical</em> invariants that aren't relevant for safety but only for correct behavior of the program</p>



<a name="179679791"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179679791" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> chabing <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179679791">(Nov 02 2019 at 01:58)</a>:</h4>
<div class="codehilite"><pre><span></span>fn main() {
    println!(&quot;Hello, world!&quot;);
}
</pre></div>



<a name="179679797"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179679797" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> chabing <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179679797">(Nov 02 2019 at 01:58)</a>:</h4>
<div class="codehilite"><pre><span></span><span class="k">fn</span> <span class="nf">main</span><span class="p">()</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
</pre></div>



<a name="179679801"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179679801" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> chabing <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179679801">(Nov 02 2019 at 01:58)</a>:</h4>
<div class="codehilite"><pre><span></span><span class="k">fn</span> <span class="nf">main</span><span class="p">()</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="n">println</span><span class="o">!</span><span class="p">(</span><span class="s">&quot;Hello, world!&quot;</span><span class="p">);</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</pre></div>



<a name="179693662"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179693662" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179693662">(Nov 02 2019 at 08:54)</a>:</h4>
<p><span class="user-mention" data-user-id="247690">@chabing</span> wrong thread ?</p>



<a name="179746681"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179746681" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179746681">(Nov 03 2019 at 13:09)</a>:</h4>
<p>I recently met someone who considered Mutex poisoning one of the best innovations of Rust in the exception safety space and that ocaml might copy it for dealing with their "async exceptions"</p>



<a name="179746683"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179746683" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179746683">(Nov 03 2019 at 13:09)</a>:</h4>
<p>so, not sure about removing that one</p>



<a name="179746686"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179746686" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179746686">(Nov 03 2019 at 13:09)</a>:</h4>
<p>but for <code>UnwindSafe</code>, yes, that didn't really pull its weight</p>



<a name="179746692"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179746692" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179746692">(Nov 03 2019 at 13:10)</a>:</h4>
<p><span class="user-mention" data-user-id="132920">@gnzlbg</span> have you opened that IRLO thread yet?</p>



<a name="179818219"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179818219" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179818219">(Nov 04 2019 at 09:43)</a>:</h4>
<p>not yet</p>



<a name="179827559"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179827559" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179827559">(Nov 04 2019 at 12:12)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> if a Rust program can result in a lock being poisoned, I think the program has a bug.</p>



<a name="179827565"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179827565" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179827565">(Nov 04 2019 at 12:12)</a>:</h4>
<p>poisoning is not the way to fix the bug</p>



<a name="179827758"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179827758" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179827758">(Nov 04 2019 at 12:15)</a>:</h4>
<p>more like a diagnostic mechanism.<br>
If helping users find these bugs and fixing them is the goal, poisoning is overkill. <br>
We could, e.g., have a flag that dumps the stack trace and aborts when a panic unwinds a lock, in a similar vein to how <code>parking_lot</code> locks have optional dead-lock detection (if your program has a deadlock, it has a bug as well - we could poison the locks instead, but that isn't the goal there either).</p>



<a name="179832166"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179832166" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Laurențiu <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179832166">(Nov 04 2019 at 13:23)</a>:</h4>
<blockquote>
<p>if a Rust program can result in a lock being poisoned, I think the program has a bug.</p>
</blockquote>
<p>One use-case is detecting if someone (e.g. a user) outside of the program kills a thread, or when the program itself does it. It's considered to be a bad idea, but I've seen people calling <code>TerminateThread</code>, for various reasons. Another one is probably software that goes the extra mile to handle errors, panic and restart, à la Erlang.</p>



<a name="179832423"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179832423" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Laurențiu <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179832423">(Nov 04 2019 at 13:27)</a>:</h4>
<p>I think lock poisoning is still somewhat unexplored and has potential for some interesting applications. I'm not convinced I want the standard libraries to do it, but isn't it a bit late anyone? How can we get rid of poisoning without changing the API?</p>



<a name="179844054"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179844054" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179844054">(Nov 04 2019 at 15:40)</a>:</h4>
<p>Yeah if a lock is poisoned it's sometimes rational to ignore the poison and keep going (eg: a global RNG state which can't possibly be bad), and sometimes you want to report it to a log file, or maybe do other things. I don't think there's a single good answer to all those.</p>



<a name="179851185"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179851185" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179851185">(Nov 04 2019 at 16:52)</a>:</h4>
<blockquote>
<p>One use-case is detecting if someone (e.g. a user) outside of the program kills a thread, or when the program itself does it. It's considered to be a bad idea, but I've seen people calling TerminateThread, for various reasons. Another one is probably software that goes the extra mile to handle errors, panic and restart, à la Erlang.</p>
</blockquote>
<p>One of the reasons this is a bad idea is because this does not work. When you kill a thread, nothing guarantees that if that threads holds a lock the lock will be poisoned.</p>



<a name="179851206"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179851206" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179851206">(Nov 04 2019 at 16:53)</a>:</h4>
<p>A program that assumes that this is the case already has a bug.</p>



<a name="179851371"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179851371" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179851371">(Nov 04 2019 at 16:54)</a>:</h4>
<p>If you happen to, e.g., be on Linux, and the thread happens to call a cancellation point close to when something tries to kill it, then that cancellation point will unwind with a foreign exception, which <code>catch_unwind</code> will silently let through, and that will probably poison a <code>std::sync::Mutex</code></p>



<a name="179851440"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179851440" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179851440">(Nov 04 2019 at 16:55)</a>:</h4>
<p>but one of the other things that can happen if you don't hit a cancellation point and you haven't configured your thread in specific ways is asynchronous cancellation, where the OS raises a signal, and if you don't have a signal handler to catch it, the thread just dies, no unwinding</p>



<a name="179851588"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179851588" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179851588">(Nov 04 2019 at 16:57)</a>:</h4>
<p>or if instead of unwinding from a cancellation point like <code>glibc</code> does, your program uses <code>musl</code> which <code>longjmp</code>s, unwinding the thread stack without running destructors</p>



<a name="179852660"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179852660" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Laurențiu <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179852660">(Nov 04 2019 at 17:08)</a>:</h4>
<p>Gah, kill it with fire.</p>



<a name="179857033"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179857033" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179857033">(Nov 04 2019 at 17:56)</a>:</h4>
<p>It would be interesting to try and run crater or manually audit code to determine if there are uses of the poisoned mutex that do something other than unwrap or reach through the poison error; if I'm following correctly, our assertion is that no such valid uses exist.</p>



<a name="179870334"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179870334" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179870334">(Nov 04 2019 at 20:04)</a>:</h4>
<p>The assertion being that poisoning is useless? Unwrapping is perfectly consistent with poisoning being useful, as it will terminate the program when it reaches circumstances that the program hasn't been written to handle (similar to e.g. an out-of-bounds slice index). Sure, a ton of those unwraps are probably written with a mindset of not caring about poisoning and never get exercised when the program runs, but you can't determine whether that's the case by locally inspecting the code.</p>



<a name="179877503"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179877503" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179877503">(Nov 04 2019 at 21:16)</a>:</h4>
<p>Right, this isn't a test for poisoning being useless, but rather that there are no "interesting" uses, so to speak</p>



<a name="179877511"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179877511" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179877511">(Nov 04 2019 at 21:17)</a>:</h4>
<p>not sure if that makes sense :)</p>



<a name="179877836"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179877836" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179877836">(Nov 04 2019 at 21:20)</a>:</h4>
<p>I don't know what "interesting" uses you imagine. The two uses you describe are pretty much the only two (modulo what you do after you've reached through the poison error) I can imagine even in a world where everyone unambiguously agrees that poisoning is Good</p>



<a name="179878056"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179878056" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179878056">(Nov 04 2019 at 21:22)</a>:</h4>
<p>right -- I mean that maybe there's code that does something with the poison error other than re-panic or getting the value out anything</p>



<a name="179878085"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179878085" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179878085">(Nov 04 2019 at 21:23)</a>:</h4>
<p>getting the value out anyway*</p>



<a name="179878115"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179878115" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179878115">(Nov 04 2019 at 21:23)</a>:</h4>
<p>but I'm also not sure what we would get out of such examples, so it may not be worth the trouble :)</p>



<a name="179878168"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179878168" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hanna Kruppe <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179878168">(Nov 04 2019 at 21:24)</a>:</h4>
<p>Ah, yes, that would by conceivable. For example, resetting the state to a sensible default so that the program can carry on as normal without seeing more poisoning errors in the future.</p>



<a name="179878364"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179878364" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179878364">(Nov 04 2019 at 21:26)</a>:</h4>
<p>My thought, I guess, is that if there are such uses, that might inform us better as to the uses for poisoning; e.g. one could imagine that you instead of returning <code>Result&lt;Guard&lt;..., T&gt;, PoisonError&lt;T&gt;&gt;</code> or just <code>T</code> always return some sort of type that deref's to T and has a method for "is_poisoned"</p>



<a name="179878369"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179878369" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179878369">(Nov 04 2019 at 21:26)</a>:</h4>
<p>obviously this isn't backwards compatible :)</p>



<a name="179913774"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179913774" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179913774">(Nov 05 2019 at 09:18)</a>:</h4>
<blockquote>
<p><span class="user-mention silent" data-user-id="120791">RalfJ</span> if a Rust program can result in a lock being poisoned, I think the program has a bug.</p>
</blockquote>
<p><span class="user-mention" data-user-id="132920">@gnzlbg</span>  Isn't that the same statement as "if a Rust program can result in a panic, the program has a bug"?</p>



<a name="179913979"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179913979" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179913979">(Nov 05 2019 at 09:20)</a>:</h4>
<blockquote>
<p>but one of the other things that can happen if you don't hit a cancellation point and you haven't configured your thread in specific ways is asynchronous cancellation, where the OS raises a signal, and if you don't have a signal handler to catch it, the thread just dies, no unwinding</p>
</blockquote>
<p>but in that case the lock will also remain locked, right? so a future call to <code>lock()</code> just don't return.</p>



<a name="179914005"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179914005" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179914005">(Nov 05 2019 at 09:21)</a>:</h4>
<p>though with <code>get_mut</code> one could likely still get to the data...</p>



<a name="179915698"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179915698" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179915698">(Nov 05 2019 at 09:44)</a>:</h4>
<p><code>unsafe</code> code is required to be safe in the presence of panics</p>



<a name="179915736"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179915736" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179915736">(Nov 05 2019 at 09:45)</a>:</h4>
<p>such that catching a panic is safe</p>



<a name="179915881"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179915881" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179915881">(Nov 05 2019 at 09:47)</a>:</h4>
<p>with thread cancellation, right now we just have instant UB</p>



<a name="179915962"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179915962" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179915962">(Nov 05 2019 at 09:48)</a>:</h4>
<p>even if thread cancellation unwinds</p>



<a name="179915976"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179915976" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179915976">(Nov 05 2019 at 09:48)</a>:</h4>
<p>So you can get a poisoned mutex, but your program already has UB</p>



<a name="179916504"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179916504" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179916504">(Nov 05 2019 at 09:55)</a>:</h4>
<p>well that's even "better" then, at least in terms of justifying poisoning</p>



<a name="179916562"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179916562" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179916562">(Nov 05 2019 at 09:56)</a>:</h4>
<p>how come?</p>



<a name="179916580"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179916580" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179916580">(Nov 05 2019 at 09:56)</a>:</h4>
<p>sounds like doing a null pointer check after having dereferenced a null pointer</p>



<a name="179916636"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179916636" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179916636">(Nov 05 2019 at 09:57)</a>:</h4>
<blockquote>
<p>how come?</p>
</blockquote>
<p>someone caused UB by doing thread cancellation. poisoning only has to protect against things that can actually happen in UB-free programs.</p>



<a name="179916733"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179916733" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179916733">(Nov 05 2019 at 09:58)</a>:</h4>
<p>ah yeah, but in UB free programs, there is really no safety issue with just ignoring that a lock has been poisoned</p>



<a name="179916786"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179916786" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179916786">(Nov 05 2019 at 09:59)</a>:</h4>
<p>its a good feature to have if you want to diagnose a particular situation, just like deadlock detection (e.g. find if a lock guard was dropped by a panic)</p>



<a name="179916885"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179916885" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179916885">(Nov 05 2019 at 10:01)</a>:</h4>
<p>(deleted)</p>



<a name="179918174"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179918174" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179918174">(Nov 05 2019 at 10:21)</a>:</h4>
<blockquote>
<p>ah yeah, but in UB free programs, there is really no safety issue with just ignoring that a lock has been poisoned</p>
</blockquote>
<p>poisoning is about correctness, not safety</p>



<a name="179920197"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179920197" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179920197">(Nov 05 2019 at 10:49)</a>:</h4>
<p>so is deadlock freedom</p>



<a name="179920208"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179920208" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179920208">(Nov 05 2019 at 10:49)</a>:</h4>
<p>and many other things</p>



<a name="179920293"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179920293" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179920293">(Nov 05 2019 at 10:50)</a>:</h4>
<p>While a deadlock is always a bug, a poisoned mutex is only sometimes a bug (this is kind of why it is interesting to add an API to check this - for deadlocks it isn't)</p>



<a name="179920315"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179920315" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179920315">(Nov 05 2019 at 10:51)</a>:</h4>
<p>The question is whether it is a good trade-off to force all users of mutexes to check whether the mutex has been poisoned</p>



<a name="179920429"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179920429" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> gnzlbg <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179920429">(Nov 05 2019 at 10:52)</a>:</h4>
<p>Is the cost of having to do that worth the amount of logic bugs it catches ?</p>



<a name="179928091"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/179928091" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#179928091">(Nov 05 2019 at 12:47)</a>:</h4>
<p>agreed</p>



<a name="181182437"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/UnwindSafe/near/181182437" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Zoxc <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/UnwindSafe.html#181182437">(Nov 20 2019 at 06:07)</a>:</h4>
<p>Lock poisoning is also completely useless and pure noise with panic=abort</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>